Deep Instinct speaks out on Delta Electronics attack
Delta Electronics has announced that The Conti ransomware gang has been linked to an attack the Taiwanese electronics manufacturing company who is a major supplier of power components to companies including Apple and Tesla.
The attack took place on January 21, according to a statement shared by the company, which said the attack was detected right away, and its security team intervened to contain infected systems and begin recovery operations.
Brooks Wallace, VP EMEA at Deep Instinct, says organisations like Delta, that supply to other large businesses such as Apple and Tesla, are always at risk from a ransomware attack.
“Delta Electronics’ security policies were crucial in mitigating the impacts of the ransomware attack they suffered at the hands of the Conti ransomware gang. The Taiwanese supplier said that they took the necessary actions to protect critical equipment and systems and it is refreshing to see how seriously large supply chain organisations are taking security. However, it goes to show how sometimes, this is not enough to stop attackers,” says Wallace.
“Although Conti have encrypted 1,500 servers and 12,000 computers and are demanding a $15 million ransom payment, Delta Electronic has managed to mitigate the impact of the cyberattack. Organisations that are put in the stressful position of being held to ransom can end up with their reputation being damaged, and delays in their supply chain, which ultimately effects their customers. After the initial ransomware attack, businesses then have the lingering fear of a double or triple extortion attack with criminals returning and threatening to publish data on the dark web if they do not receive a second payment.
“Past examples such as the Colonial Pipeline attack show the impact of ransomware attacks on supplier organisations with halted fuel supplies and distribution, ultimately leading to fuel shortages. Threat actors know that these supplier companies are more likely to pay ransom demands as they can’t afford for their distribution to be halted, and with Delta reportedly entering negotiations with Conti, their theory seems to have been true on this occasion. With suppliers being a main target for hackers, organisations need to shift their mindset to preventing cyberattacks instead of mitigating the impacts.
“Most solutions, like endpoint detection and response (EDR), need an attack to execute before it can identify activity as malicious or benign, which is too slow when the fastest ransomware attacks can encrypt data within 15 seconds. Organisations need to invest in solutions that use technology, such as deep learning, which can deliver a sub-20 millisecond response time to stop malware pre-execution and before it can take hold. With preventative solutions such as deep learning on the market, organisations will no longer have to fear supply chain attacks like we've witnessed with Colonial Pipeline and Delta. Instead, organisations will be resistant to the demands of ransomware gangs, and they’ll be the ones left with the nasty shock,” he concluded.
Who are the Conti Ransomware gang?
According to Palo Alto Networks, Conti ransomware stands out as one of the most ruthless of the dozens of ransomware gangs that it follows. The group has spent more than a year attacking organisations where IT outages can have life-threatening consequences: hospitals, 911 dispatch carriers, emergency medical services and law enforcement agencies. Ireland has yet to recover from an attack in mid-May that prompted the shutdown of the entire information technology network of the nation's healthcare system – prompting cancellation of appointments, the shutdown of X-ray systems and delays in COVID testing.
The cybersecurity company also said that Conti stands out as “unreliable”. “We've seen the group stiff victims who pay ransoms, expecting to be able to recover their data,” it said in a blog on its website.
The FBI has connected Conti to more than 400 cyberattacks against organisations worldwide, three-quarters of which are based in the U.S., with demands as high as $25 million.
- FBI turns tables on hackers in ransomware “cyber stakeout”Network Security
- Cybercriminals could join with crime gangs for new profitsCyber Security
- ICYMI: Cyber predictions for 2023 and trouble in paradiseCyber Security
- Encryption experts offer critical steps to fight ransomwareCyber Security